Last signed-in username is displayed at Logon or lock screen
An attacker who gains access to the system either directly or through Remote Desktop session could view the name of the last user who logged on to the system. He can then guess the password using a dictionary, or try using a brute-force attack to log on. It is advisable to hide the username at Logon screen and lock screen to make Brute force attacks difficult by having two blank fields to crack in the logon screen.
Follow the below steps in GPO to resolve the misconfiguration.
Configure the policy value for Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> 'Interactive logon: Don't display last signed-in' to 'Enabled'.
Vulnerability Manager Plus helps you to monitor security configurations and resolve misconfigurations in your network systems from a centralized console.